Privacy Policy
We are committed to protecting your privacy and ensuring transparency in how we collect, use, and protect your personal information when you use Arkiv services.
I. Controller
The data controller responsible for processing your personal data is:
Golem Factory GmbH
Gartenstrasse 5
6300 Zug, Switzerland
Email: privacy@golem.network
Data Protection Officer: Available upon request via privacy@golem.network
EU Representative: For data subjects in the European Union, you may contact our EU representative at privacy@golem.network.
II. Overview
This privacy policy explains how we process personal data in connection with Arkiv, our universal data layer for Ethereum. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (FADP).
Important Notice About Blockchain Technology
Arkiv uses blockchain technology, which creates permanent, immutable records. Once data is written to the blockchain, it cannot be deleted or modified. This may limit our ability to fulfill certain data subject rights, particularly the right to erasure ("right to be forgotten").
We implement privacy-by-design principles and store minimal personal data on-chain, using off-chain storage and cryptographic techniques where personal data processing is required.
We collect and process only the data necessary to provide our services, improve user experience, and comply with legal obligations.
III. Legal Basis for Processing
We process personal data based on the following legal grounds:
- Consent: When you explicitly agree to data processing
- Contract performance: To provide Arkiv services you've requested
- Legal obligations: To comply with applicable laws and regulations
- Legitimate interests: For service improvement and security purposes
IV. Data Processing Activities
Website Usage
When you visit our website, we automatically collect technical information including IP addresses, browser types, device information, and usage patterns to ensure website functionality and security. This data is stored for a maximum of 30 days and processed based on our legitimate interest in maintaining website security and functionality.
Blockchain Address Processing
Data Categories: Wallet addresses, transaction hashes, block numbers, timestamps, gas fees, and smart contract interaction data.
Legal Basis: Contract performance (to provide Arkiv services) and legitimate interest (network security and fraud prevention).
Classification: Blockchain addresses are pseudonymous identifiers that may constitute personal data when they can be linked to an identifiable person through additional information.
On-Chain vs Off-Chain Data
On-Chain Data
- Cryptographic hashes
- Transaction metadata
- Smart contract addresses
- Block timestamps
Retention: Permanent (blockchain immutability)
Off-Chain Data
- Account preferences
- Communication data
- Support interactions
- Analytics data
Retention: Variable (can be deleted)
Smart Contract Processing
Smart contracts on Arkiv may automatically process data according to their programmed logic. This processing occurs without human intervention and is necessary for contract execution. Users should review smart contract code before interaction to understand automated processing implications.
Communication and Support
If you contact us or subscribe to updates, we process contact information and communication content to respond to inquiries and provide requested information. This data is retained for up to 3 years based on legal obligations and legitimate business interests.
V. Your Rights
Under applicable data protection laws, you have the following rights. Please note that blockchain technology limitations may affect our ability to fulfill certain requests for on-chain data:
✅ Right to Access
You can request information about your personal data processing. For blockchain data, this includes publicly visible transaction information.
✅ Right to Rectification
We can correct inaccurate off-chain data. For on-chain data, we can provide supplementary information but cannot modify blockchain records.
⚠️ Right to Erasure (Limited)
Off-chain data: Can be deleted upon request where legally permissible.
On-chain data: Cannot be deleted due to blockchain immutability. We can anonymize our records linking blockchain addresses to your identity.
✅ Right to Restrict Processing
We can restrict processing of off-chain personal data. Blockchain processing cannot be restricted as it operates autonomously.
✅ Right to Data Portability
Available for off-chain data in structured formats. Blockchain data is inherently portable through public blockchain explorers.
✅ Right to Object
You can object to processing based on legitimate interests. Note that essential blockchain operations cannot be objected to as they're necessary for service provision.
✅ Right to Withdraw Consent
You can withdraw consent for future processing. Past blockchain transactions cannot be reversed, but future processing can be stopped.
How to Exercise Your Rights
Contact us at privacy@golem.network with:
- Your specific request and preferred outcome
- Wallet address(es) or account identifiers (if applicable)
- Proof of identity (to prevent unauthorized requests)
- Timeframe for response (we respond within 30 days)
Right to Lodge a Complaint: You have the right to lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) or your local data protection authority.
VI. Data Storage and Retention
Off-Chain Data Retention
- Website data: 30 days
- Support communications: 3 years
- Account preferences: Until account deletion
- Analytics data: 26 months (GDPR compliant)
On-Chain Data Retention
- Transaction data: Permanent
- Smart contract interactions: Permanent
- Blockchain addresses: Permanent
- Cryptographic hashes: Permanent
We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Blockchain data cannot be deleted due to the immutable nature of distributed ledger technology.
Data Minimization Strategy: We implement privacy-by-design principles to minimize personal data stored on-chain, using techniques such as hashing, encryption, and off-chain storage for sensitive information.
VII. International Data Transfers
Blockchain Network Considerations
Blockchain networks are inherently global and decentralized. Data on Arkiv may be processed by network nodes worldwide, including outside the EEA. This is necessary for blockchain functionality and network security.
Safeguards for Data Transfers
- Standard Contractual Clauses (SCCs): For transfers to third-party service providers
- Adequacy Decisions: Transfers to countries with adequate data protection (e.g., Switzerland, UK)
- Consent: Explicit user consent for specific data transfers where required
- Derogations: Contract performance necessity for essential blockchain operations
Third-Party Service Providers
We may share data with carefully selected service providers for:
- Infrastructure hosting and maintenance
- Analytics and performance monitoring
- Customer support and communication
- Security and fraud prevention
All providers are contractually required to provide adequate data protection.
VIII. Policy Updates
We may update this privacy policy from time to time. Material changes will be communicated through our website or other appropriate means. The effective date of the current policy is displayed at the top of this document.
Last updated: October 31, 2025